# -*- coding:utf-8 -*-
"""
    异常文件检测
"""
@config(alias="file", enable=True)
def check_last_mod_file(option):
    """检查近期被修改的文件"""
    shell_process = os.popen('''find / ! -path "/proc/*" -type f -mtime 0 2>/dev/null | grep -E "\.(py|sh|per|pl|php|asp|jsp)$"''').read().splitlines()
    log("近期共有 {} 个文件被修改，逐一排查风险".format(green(len(shell_process))))

    if not len(shell_process):
        monitoring_objects_num("file") # 没有信息，检测项加1
        return False
    ret = False
    for fname in shell_process:
        monitoring_objects_num("file") # 存在信息，每条检测项都加1
        if 1:
            content = analysis_file(fname)
            if content:
                save_result(fname, "文件异常，包含可疑代码", 'h')
                ret = True
        else:
            pass
    return ret

@config(alias="evel", enable=True)
def check_evel_file(option):
    """恶意文件检测"""
    ret = False
    for file in g_threat_files:
        if os.path.isfile(file):
            danger_file(file)
            save_result("恶意文件检测", "发现恶意文件: %s 请及时进行处理!"%(file), 'm')
            ret = True
    return ret